Managing data in compliance with regulated privacy, security, and electronic transaction standards

ABSTRACT

Systems and methods for managing data in compliance with regulated privacy, security, and electronic transaction standards. Implementation of the present invention takes place in association with one or more computer devices that are used in a system to manage data in compliance with regulated privacy, security, and electronic transaction standards. In one implementation, the system includes a single point of entry for external and/or internal requests, and/or a single point of exit for transmissions of information, wherein the transmissions include individually identifiable patient information to legitimate patient-approved requests. Implementation of the present invention further embraces the de-identification of information that may be selectively used and/or sold. The de-identification prevents the identification of patients corresponding to the medical information, thus allowing the information to be useful while still preserving professional confidences. Moreover, implementation of the present invention embraces fully digital authorizations and consents for retrieval from external data sources.

RELATED APPLICATIONS

This application claims priority to U.S. Provisional Patent ApplicationSer. No. 60/380,679 filed May 15, 2002, entitled MANAGING DATA INCOMPLIANCE WITH REGULATED PRIVACY, SECURITY, AND ELECTRONIC TRANSACTIONSTANDARDS.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to information management. In particular,the present invention relates to systems and methods for managing datain compliance with regulated privacy, security, and electronictransaction standards.

2. Background and Related Art

Information management has become an important part of businesspractice. For example, in the medical arena, information is gatheredfrom patients, physician services, medical research, medical training,insurance policy underwriting, and the like. The medical information hasproven to be beneficial to patients, physicians, other medial serviceproviders, and other business entities. For example, insurance companiesthat provide life, health, disability income, long term care, casualty,and reinsurance policies routinely require medical information foranalysis as to policy eligibility. Typically, the analysis of medicalinformation includes reviewing such medical records as an attendingphysician's statement, which is considered to be a very reliable recordas it contains analyses and conclusions by a licensed medicalprofessional. Medical records are also used in determining the amount ofrisk presented by an individual for a policy, and in determiningcausation and other issues relevant to insurance claim adjusting.

Currently, medical records are generally available, but are not easilyaccessible because of the confidential nature of the information.Accordingly, the medical records are protected by establishedprofessional conduct and by enacted legislation requiring the patient'sconsent prior to disclosure of the medical record information. Further,a large majority of the medical record information is restricted topaper documentation that is located in the office file rooms of themedical service providers, restricting the sharing of information.

In order to prevent the expense of filling office space with voluminousrecords, some medical providers are migrating to electronic recordsystems, and are converting paper records to electronic records.However, like their paper counterparts, the electronic records typicallyremain isolated from external sources.

Currently, a delay is generally experienced when requesting informationfrom a medical information repository, such as a physician's office. Thedelay is due to the paper-only format of the records, the need forpersonnel time to pull the records and provide the requester with a copythereof, and the low priority that is assigned to such requests bymedical providers. Typically, the delay in underwriting insurancepolicies may cause applicants to lose interest, and cause a consequentloss of business to the insurer.

In an effort to shorten delays, some requesters utilize agents to travelto the various medical offices to manually retrieve copies of themedical records. Although this may partially accelerate the obtaining ofthe records, the cost in performing this service can be expensive andthe technique does not address the problem of determining whether theretrieved record is complete, and whether other records exist. Moreover,even when the existence and location of a record are known, itsrelevance remains uncertain until retrieved and reviewed.

Health care providers and emergency medical technicians also have a needto access medical records. Health care providers and emergency medicaltechnicians are typically required to make decisions regarding the careof a patient under circumstances in which paper records are unavailable.The inability for traditional techniques to provide medical recordinformation to health care providers and emergency medical techniciansincrease the risk of improper treatment and the likelihood of medicalmalpractice.

A further complication in the providing of medical information to aparticular requestor lies in the Health Insurance Portability andAccountability Act (HIPAA), which mandates regulations that governprivacy, security, and electronic transactions standards for health careinformation. The regulations require major changes in how health careorganizations handle all facets of medical information management,including reimbursements, coding, security, and patient records. Theregulations have a far-reaching impact on every department of everyentity that provides or pays for health care.

For example, HIPAA requires that the medical entity enable patients tofirst view any and all patient-specific information that the entity mayhave concerning them, and that the medical entity enable patients tomake annotations or comments pertinent to the information that theentity has provided. Further, patients may request that information becorrected. Accordingly, the entity is required to enable apatient-driven “editorial commenting” capability. While the medicalentity is not necessarily obligated to make any actual “corrections” totheir internal records, they are required to indicate that the patienthas registered their comments or made certain suggested changes to theirpersonal information.

Such requirements may generally be considered as a real detriment bymany medical entities. Yet to others it represents an opportunity forthe entity (e.g. a physician or others who may hold crucial clinicalinformation, such as a prescription history) to document and publish thefact that the patient himself has actually viewed and verified as of acertain date the accuracy and completeness of their personal informationthat the entity has about them. In the case of retrieving and viewing acurrent prescription history, the patient-verified history would be veryassuring to an emergency room physician that is treating the patient.

Accordingly, it would be an improvement in the art to enable affectedentities to comply with the regulations that have been enacted, and tofacilitate information management and exchange without breaching dutiesof confidentiality nor professional relationships.

SUMMARY OF THE INVENTION

The present invention relates to information management. In particular,the present invention relates to systems and methods for managing datain compliance with regulated privacy, security, and electronictransaction standards.

Implementation of the present invention takes place in association withone or more computer devices that are used in a system to manage data incompliance with regulated privacy, security, and electronic transactionstandards. In one implementation, the system includes a single point ofentry for external and/or internal requests, and/or a single point ofexit for transmissions of information, wherein the transmissions includeindividually identifiable patient information to legitimatepatient-approved requests. Implementation of the present inventionfurther embraces the de-identification of information that may beselectively used and/or sold. The de-identification prevents theidentification of patients corresponding to the medical information,thus allowing the information to be useful while still preservingprofessional confidences. Moreover, implementation of the presentinvention embraces fully digital authorizations and consents forretrieval from external data sources.

While the methods and processes of the present invention have proven tobe particularly useful in the area of managing medical information,those skilled in the art can appreciate that the methods and processescan be used in a variety of different applications and in a variety ofdifferent areas of manufacture to manage information, such as academicinformation, financial information, and the like.

These and other features and advantages of the present invention will beset forth or will become more fully apparent in the description thatfollows and in the appended claims. The features and advantages may berealized and obtained by means of the instruments and combinationsparticularly pointed out in the appended claims. Furthermore, thefeatures and advantages of the invention may be learned by the practiceof the invention or will be obvious from the description, as set forthhereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the manner in which the above recited and other featuresand advantages of the present invention are obtained, a more particulardescription of the invention will be rendered by reference to specificembodiments thereof, which are illustrated in the appended drawings.Understanding that the drawings depict only typical embodiments of thepresent invention and are not, therefore, to be considered as limitingthe scope of the invention, the present invention will be described andexplained with additional specificity and detail through the use of theaccompanying drawings in which:

FIG. 1 illustrates a representative system that provides a suitableoperating environment for use of the present invention;

FIG. 2 illustrates a representative networked system that enables datamanagement in compliance with regulated privacy, security, andelectronic transaction standards in accordance with the presentinvention;

FIG. 3 illustrates a representative system that allows a requester tointerface with a gatekeeper system to selectively obtain informationfrom one or more of a variety of sources in an information repository;

FIG. 4 illustrates a representative system that allows a requester tointerface with a clearinghouse system, which is in communication with avariety of medical systems (e.g., hospitals, clinics, laboratories,etc.), wherein each medical system includes a corresponding gatekeepersystem;

FIG. 5 illustrates a flowchart that provides a representative embodimentof processing that is performed to create, archive, and transmit apatient-specific report;

FIG. 6 illustrates a flowchart that provides a representative embodimentof processing that is performed to create, archive, and transmit ade-identified report; and

FIG. 7 illustrates a representative system that enables a requester toselectively obtain information from a public domain clearinghouse and/ora member clearinghouse, wherein the member clearinghouse enables membersto update and/or modify personal information.

DETAILED DESCRIPTION OF THE INVENTION

The present invention relates to information management. In particular,the present invention relates to systems and methods for managing datain compliance with regulated privacy, security, and electronictransaction standards.

Embodiments of the present invention take place in association with oneor more computer devices that are used in a system to manage data incompliance with regulated privacy, security, and electronic transactionstandards. In one embodiment, the system includes a single point ofentry for external and/or internal requests, and/or a single point ofexit for transmissions of information, wherein the transmissions includeindividually identifiable patient information to legitimatepatient-approved requests. Furthermore, embodiments of the presentinvention embrace fully digital authorizations and consents forretrieval from external data sources.

Embodiments of the present invention also embrace the de-identificationof information that may be selectively used and/or sold. Thede-identification prevents the identification of patients correspondingto the medical information, thus allowing the information to be usefulwhile still preserving professional confidences.

The following disclosure of the present invention is grouped into twosubheadings, namely “Exemplary Operating Environment” and “Managing Datain Compliance with Regulation Standards.” The utilization of thesubheadings is for convenience of the reader only and is not to beconstrued as limiting in any sense.

Exemplary Operating Environment

FIG. 1 and the corresponding discussion are intended to provide ageneral description of a suitable operating environment in whichembodiments of the invention may be implemented. One skilled in the artwill appreciate that the invention may be practiced by one or morecomputing devices and in a variety of system configurations, includingin a networked configuration.

Embodiments of the present invention embrace one or more computerreadable media, wherein each medium may be configured to include orincludes thereon data or computer executable instructions formanipulating data. The computer executable instructions include datastructures, objects, programs, routines, or other program modules thatmay be accessed by a processing system, such as one associated with ageneral-purpose computer capable of performing various differentfunctions or one associated with a special-purpose computer capable ofperforming a limited number of functions. Computer executableinstructions cause the processing system to perform a particularfunction or group of functions and are examples of program code meansfor implementing steps for methods disclosed herein. Furthermore, aparticular sequence of the executable instructions provides an exampleof corresponding acts that may be used to implement such steps. Examplesof computer readable media include random-access memory (“RAM”),read-only memory (“ROM”), programmable read-only memory (“PROM”),erasable programmable read-only memory (“EPROM”), electrically erasableprogrammable read-only memory (“EEPROM”), compact disk read-only memory(“CD-ROM”), or any other device or component that is capable ofproviding data or executable instructions that may be accessed by aprocessing system.

With reference to FIG. 1, a representative system for implementing theinvention includes computer device 10, which may be a general-purpose orspecial-purpose computer. For example, computer device 10 may be apersonal computer, a notebook computer, a personal digital assistant(“PDA”) or other hand-held device, a workstation, a minicomputer, amainframe, a supercomputer, a multi-processor system, a networkcomputer, a processor-based consumer electronic device, or the like.

Computer device 10 includes system bus 12, which may be configured toconnect various components thereof and enables data to be exchangedbetween two or more components. System bus 12 may include one of avariety of bus structures including a memory bus or memory controller, aperipheral bus, or a local bus that uses any of a variety of busarchitectures. Typical components connected by system bus 12 includeprocessing system 14 and memory 16. Other components may include one ormore mass storage device interfaces 18, input interfaces 20, outputinterfaces 22, and/or network interfaces 24, each of which will bediscussed below.

Processing system 14 includes one or more processors, such as a centralprocessor and optionally one or more other processors designed toperform a particular function or task. It is typically processing system14 that executes the instructions provided on computer readable media,such as on memory 16, a magnetic hard disk, a removable magnetic disk, amagnetic cassette, an optical disk, or from a communication connection,which may also be viewed as a computer readable medium.

Memory 16 includes one or more computer readable media that may beconfigured to include or includes thereon data or instructions formanipulating data, and may be accessed by processing system 14 throughsystem bus 12. Memory 16 may include, for example, ROM 28, used topermanently store information, and/or RAM 30, used to temporarily storeinformation. ROM 28 may include a basic input/output system (“BIOS”)having one or more routines that are used to establish communication,such as during start-up of computer device 10. RAM 30 may include one ormore program modules, such as one or more operating systems, applicationprograms, and/or program data.

One or more mass storage device interfaces 18 may be used to connect oneor more mass storage devices 26 to system bus 12. The mass storagedevices 26 may be incorporated into or may be peripheral to computerdevice 10 and allow computer device 10 to retain large amounts of data.Optionally, one or more of the mass storage devices 26 may be removablefrom computer device 10. Examples of mass storage devices include harddisk drives, magnetic disk drives, tape drives and optical disk drives.A mass storage device 26 may read from and/or write to a magnetic harddisk, a removable magnetic disk, a magnetic cassette, an optical disk,or another computer readable medium. Mass storage devices 26 and theircorresponding computer readable media provide nonvolatile storage ofdata and/or executable instructions that may include one or more programmodules such as an operating system, one or more application programs,other program modules, or program data. Such executable instructions areexamples of program code means for implementing steps for methodsdisclosed herein.

One or more input interfaces 20 may be employed to enable a user toenter data and/or instructions to computer device 10 through one or morecorresponding input devices 32. Examples of such input devices include akeyboard and alternate input devices, such as a mouse, trackball, lightpen, stylus, or other pointing device, a microphone, a joystick, a gamepad, a satellite dish, a scanner, a camcorder, a digital camera, and thelike. Similarly, examples of input interfaces 20 that may be used toconnect the input devices 32 to the system bus 12 include a serial port,a parallel port, a game port, a universal serial bus (“USB”), a firewire(IEEE 1394), or another interface.

One or more output interfaces 22 may be employed to connect one or morecorresponding output devices 34 to system bus 12. Examples of outputdevices include a monitor or display screen, a speaker, a printer, andthe like. A particular output device 34 may be integrated with orperipheral to computer device 10. Examples of output interfaces includea video adapter, an audio adapter, a parallel port, and the like.

One or more network interfaces 24 enable computer device 10 to exchangeinformation with one or more other local or remote computer devices,illustrated as computer devices 36, via a network 38 that may includehardwired and/or wireless links. Examples of network interfaces includea network adapter for connection to a local area network (“LAN”) or amodem, wireless link, or other adapter for connection to a wide areanetwork (“WAN”), such as the Internet. The network interface 24 may beincorporated with or peripheral to computer device 10. In a networkedsystem, accessible program modules or portions thereof may be stored ina remote memory storage device. Furthermore, in a networked systemcomputer device 10 may participate in a distributed computingenvironment, where functions or tasks are performed by a plurality ofnetworked computer devices.

While those skilled in the art will appreciate that the invention may bepracticed in networked computing environments with many types ofcomputer system configurations, FIG. 2 represents an embodiment of thepresent invention in a networked environment that includes clientsconnected to a server via a network. While FIG. 2 illustrates anembodiment that includes two clients connected to the network,alternative embodiments include one client connected to a network ormany clients connected to a network. Moreover, embodiments in accordancewith the present invention include a multitude of clients throughout theworld connected to a network, where the network is a wide area network,such as the Internet.

In FIG. 2, clients 50 and 60 exchange information with informationretrieval system 40 via network 70. Such information exchanges includethe submission of a request for information by a client to theinformation retrieval system. Such requests may be in the form ofelectronic data. Network interfaces 42, 52, and 62 enable the exchangeof information between clients 50 and 60 and information retrievalsystem 40, which includes servers 44 and storage devices 46. In theillustrated embodiment, servers 44 process the methods disclosed hereinto respond to requests by clients 50 and 60 as to the obtaining ofinformation, which is preserved at storage device(s) 46. Once therequested information is selectively obtained, a report is preserved bysystem 40 and a copy of the report is transmitted back to the requestorin response to the request, as will be further discussed below.

Managing Data in Compliance with Regulation Standards

As discussed above, embodiments of the present invention take place inassociation with one or more computer devices that are used in a systemto manage data in compliance with regulated privacy, security, andelectronic transaction standards. In particular, embodiments of thepresent invention embrace a single point of entry for external and/orinternal requests, and/or a single point of exit for transmissions ofinformation.

With reference now to FIG. 3, a representative system is illustratedthat allows a requestor 80 to interface with a gatekeeper system 90 toselectively obtain information from one or more of a variety of sourcesin an information repository 100. Requestor 80 represents any person orentity that desires to obtain information. Examples of such requestersinclude insurance companies, care providers, researchers, patients, andthe like.

Enabling the Patient to View their Personal Information

For example, the requester 80 may request to see particular informationfrom a covered medical entity. The enterprise provides for thiscapability via retrieval request and processing procedures that areafforded to the requestor (e.g. an insurance underwriter) who presentsan authenticated authorization or signed consent by the patient.Therefore, the patients themselves may request a copy of any and all oftheir patient-specific information at any time. The entity responds bysending the information to the requestor in a timely manner.

In the illustrated embodiment, the information repository 100 includes avariety of information/data sources that may be located locally orremotely from eachother. The illustrated data sources include enterpriseclinical data repository 104 a, pathology laboratory system(s) 104 b,in-patient pharmacy system(s) 104 c, clinical laboratory system(s) 104d, enterprise master person index 104 e, radiology information system(s)104 f, and other data source system(s) 104 g. Accordingly, wheninformation is requested, the data is selectively obtained from one ormore of the data sources using an interface engine 102, which interfaceswith gatekeeper system 90 to provide a report in response to requester80.

As illustrated, gatekeeper system 90 provides a single point of entryfor requests. The requests may be from external or internal requesters.Accordingly, anyone that is authorized enters requests through a singlepoint of entry. In one embodiment, the point of entry receivesfully-digital authorizations and consents for retrieval from externalsources, bringing diverse external data feeds through the entry point tofacilitate patient safety.

As will be further discussed below, processing performed by theenterprise to respond to requests received include processing anauthenticated request for a copy of a patient-specific record.Embodiments of the present invention embrace the use of flags tofacilitate processing. For example, a flag is set for the output of allretrieval functions to be in a desired format so that the entity mayeasily print the information/documents or electronically transmit themto the requestor in a format that is useful to the requestor. A flag isset in an index of gatekeeper system 90 and also in the specific recordin the audit trail archive at gatekeeper system 90 that the request is,for example, a patient-driven request. A flag is set in the index ofgatekeeper system 90 and also in the specific record in the audit trailarchive of gatekeeper system 90 that the information in this record hasnot yet been commented upon by the patient.

Other processing includes the preparation of a cover page that includesspecific information and instructions for the patient delineating theirrights under a particular law or regulation. An internal referencenumber is assigned for a particular record so that it may be used toexpedite the search for any future referencing of the record. Adedicated FAX number is used for conveyance of information viafacsimile, including the actual cover sheet that used to send backcomments if a response is provided via facsimile. The output is providedin a patient-specified format and transmitted to the patient in a securemanner.

Accordingly, when requests are received by gatekeeper system 90, theinformation is selectively obtained from one or more data sources,including locally at system 90, to provide the requested information tothe requestor in the form of a report, as will be discussed below.

Embodiments of the present invention also embrace the ability ofrequesters, such as patients, to comment on the particular information.For example, patients may send their comments to the gatekeeper systemvia any number of ways or formats such as, via facsimile, standardcourier, mail, electronically, etc. If sent by facsimile, a particularfax number may be provided and dedicated for the purpose of receivingrequestor information. For example, in one embodiment it is a fax modemthat is set to only receive facsimiles. Accordingly, the comments arereceived in a specific location assuring that they will not be lost.

When a response (e.g. comment) is received from a patient, themechanisms for attaching any and all comments as if they were attachedfiles to the original request/response is invoked and appears in theaudit trail that will be discussed below. When information is receivedvia a facsimile store, the images of the comments in a patient responsefile are stamped the corresponding time and date for incorporation intothe record. In one embodiment, all flags and mechanisms that enabletracking of all interactions and communications with the patient areenabled and initiated.

Embodiments of the present invention embrace the managing of commentsreceived from requestors, such as patients. For example, patients mayrespond in any number of ways and there are appropriate mechanisms toaddress and deal with their individual responses. In one embodiment, theentity is enabled to appropriately support dealing with all aspects ofinteractions with the patient as required under the enacted regulations.Examples include setting a flag to indicate that the patient hasresponded with the status set to the verification of the completenessand/or accuracy of the information, the providing of minor comments, theproviding of substantial comments, additions made to records, requestsmade for changes to the information.

As illustrate in FIG. 3, once the requested information is obtained andis to be provided to the requestor, a single point of exit for thetransmission of individually identifiable patient data that is sent outin response to legitimate patient-approved requests is provided bygatekeeper system 90. The single point of exit creates a revenueopportunity via completely certified, de-identified data. Accordingly,de-identified information can be selectively sold to a variety ofbuyers, such as pharmaceutical companies, insurance companies,researchers, etc. In one embodiment, the information provided isencrypted. When the information is not de-identified, the individuallyidentifiable patient data is sent out in response to legitimate,authenticated, patient-approved requests.

In accordance with the present invention, information released to arequestor goes through the gatekeeper system. In other words, theinformation is not provided directly from the individual data sources tothe requester. Instead, the information from the data sources goesthrough the gatekeeper system to provide the information as a report tothe requestor.

Embodiments of the present invention embrace source data systems thatare secure from electronic and physical intrusion. Organizations utilizea combination of biometric and digital signature technologies to controlphysical and electronic access.

As provided above, all requests for data from a requestor 80, whetherreceived electronically or otherwise, are entered into the gatekeepersystem for processing. This includes all requests regardless of theirorigin. For example, requests received via facsimile, including a signedauthorization, are scanned into the gatekeeper system. Such documentsare compressed, digitized images that are bound to the information thatis retrieved, and both are included in an audit trail that is maintainedby gatekeeper system 90.

Since system 90 is the exclusive mechanism for receiving incomingrequests for information, it consolidates all facets of the requestingprocess, including validation, verification, and authentication of notonly the requests but also the accompanying patient-signedauthorization/consent. System 90 also provides the mechanisms to receiveauthenticated electronic requests from an entire industry (e.g., theinsurance industry) and from all other legitimate, patient-authorizedrequestors, including the patients themselves. Accordingly, the systemprovides the tools to receive and respond to patient-initiated requeststo retrieve, review, and comment on the data that the enterprise has onfile for the patients. As a result, the system eliminates the burden onthe data sources to provide the information directly to the requesters,and in accordance with established regulations.

With reference now to FIG. 4, a representative system of the presentinvention is illustrated that allows a requestor 110 to interface with aclearinghouse system 120, which provides the single point of entry andthe single point of exit. Clearinghouse system 120 includes one or moreservers 122 and one or more storage devices 124, and is in communicationwith a variety of medical centers 140 (e.g., hospitals, clinics,laboratories, etc.), wherein each medical center 140 includes acorresponding gatekeeper system 142. In FIG. 4, each gatekeeper system142 selectively provides information to clearinghouse system 120. Areport is provided to requester 110 in response to a request. Theinformation of the report is archived for a period of time (e.g., 6years) to satisfy the time limit set by regulation.

With reference now to FIG. 5, a flowchart is illustrated that provides arepresentative embodiment of processing that is performed to create,archive, and transmit a patient-specific report. In FIG. 5, executionbegins at step 150, where an authenticated request for information isreceived. At decision block 152 a determination is made as to whether ornot the request is authorized by the patient. If it is determined thatthe request is not authorized by the patient, execution proceeds to step154, where patient authorization is obtained and then to step 156.Alternatively, if it is determined at decision block 152 that therequest is authorized by the patient, execution proceeds directly tostep 156.

In step 156 the requested information is retrieved. A report is thenassembled at step 158. In one embodiment, the report includes suchinformation as the request made, the response being provided, thecorresponding audit trail, and other related information that is useful.A determination is made at decision block 160 as to whether or not toperform a review of the report. If it is determined at decision block160 that a review of the report is to be performed, execution proceedsto step 162 for the performance of the review of the report, and then tostep 164, where the review is included in the report. Execution thenproceeds to step 166. Alternatively, it is determined at decision block160 that a review is not to be performed on the report, executionproceeds directly to step 166.

At step 166 the report is encrypted and at step 168 the report isarchived in a storage device. Execution then proceeds to decision block170 for a determination as to whether or not the archive is complete. Ifit is determined that the archive is not complete, execution returnsback to 168 to allow the report to be completely archived.Alternatively, if it is determined at decision block 170 that thearchival of the report is complete, execution proceeds to step 172,where a copy of the report is transmitted to the authorized requester.

FIG. 6 illustrates a flowchart that provides a representative embodimentof processing that is performed to create, archive, and transmit ade-identified report. In FIG. 6, execution begins at step 180, where anauthenticated request for information is received. The requestedinformation is then retrieved at step 182 and the retrieved informationis de-identified at step 184. At step 186 the report is assembled.Execution then proceeds to decision block 188 for determination as towhether or not to perform a review. If it is determined at decisionblock 188 to perform a review, execution proceeds to step 190 for theperformance of the review and then to decision block 192. Alternatively,it is determined at decision block 188 that a review is not to beperformed execution proceeds directly to decision block 192.

At decision block 192 a determination is made as to whether or not toarchive the report that has been assembled. If it is determined atdecision block 192 that the report is to be archived, the executionproceeds to step 194 for the archival of the report and then to decisionblock 196. Alternatively, if it is determined at decision block 192 thatthe report is not to be archived, execution proceeds directly todecision block 196.

At decision block 196 a determination is made as to whether or not toencrypt the report that has been assembled. If it is determined atdecision block 196 that the report is to be encrypted, executionproceeds to step 198 for the encryption of the report and then to step200. Alternatively, if the report is not to be encrypted, executionproceeds directly to step 200, where the report is transmitted to therequester.

With reference now to FIG. 7, a representative system is illustratedthat enables a requestor to selectively obtain information from a publicdomain clearinghouse 214 and/or from a member clearinghouse 216, whereinthe member clearinghouse enables members to selectively update and/ormodify personal information. Member clearinghouse 216 obtainsinformation from information sources 218, which provide personalinformation, such as medical/health, financial, academic, and/or anyother type of information that would be useful to a requester. Themember clearinghouse provides a single point of entry and a single pointof exit to manage and oversee the information that is provided to therequester.

Thus, as discussed herein, the embodiments of the present inventionembrace information management. In particular, the present inventionrelates to systems and methods for managing data in compliance withregulated privacy, security, and electronic transaction standards. Thepresent invention may be embodied in other specific forms withoutdeparting from its spirit or essential characteristics. The describedembodiments are to be considered in all respects only as illustrativeand not restrictive. The scope of the invention is, therefore, indicatedby the appended claims rather than by the foregoing description. Allchanges that come within the meaning and range of equivalency of theclaims are to be embraced within their scope.

What is claimed is:
 1. In a system that includes a computer device, amethod for managing healthcare data in compliance with regulatedprivacy, security, and electronic transaction standards, the methodcomprising: receiving from a requestor a request for healthcareinformation relating to a patient, wherein any request is receivedthrough a single point of entry regardless of whether the request isfrom a requestor internal or external to a given healthcare facility;retrieving the requested healthcare information; assembling a report,wherein the report includes: the requested healthcare information; anycomments of the patient received at a gatekeeper system regarding therequested healthcare information; and an audit trail; and transmitting acopy of the report to the requestor through a single point of exitregardless of whether the request was from a requestor internal orexternal to the given healthcare facility.
 2. A method as recited inclaim 1, wherein the request electronically authenticated to beauthorized by the patient.
 3. A method as recited in claim 1, furthercomprising the step for determining whether patient authorization existsfor responding to the request, wherein if authorization from the patienthas not been obtained, performing the step for obtaining authorizationfrom the patient to provide the requested healthcare information.
 4. Amethod as recited in claim 1, wherein the copy of the report includespatient specific healthcare information.
 5. A method as recited in claim1, further comprising the step for determining whether to providede-identified healthcare information in response to the request, whereinif de-identified healthcare information is to be provided, performingthe step for de-identifying the requested healthcare information.
 6. Amethod as recited in claim 5, wherein the copy of the report includesde-identified healthcare information.
 7. A method as recited in claim 1,further comprising the step for selectively performing a review of thereport.
 8. A method as recited in claim 1, further comprising the stepfor selectively encrypting the report.
 9. A method as recited in claim1, further comprising the step for selectively archiving the report. 10.A method as recited in claim 9, wherein the report is automaticallyarchived for a period of time set by a regulation.
 11. A system formanaging healthcare data in compliance with regulated privacy, security,and electronic transaction standards, the system comprising: a computersystem comprising: a gatekeeper system having: a single point of entrythat is configured to selectively receive a request for healthcareinformation relating to a patient, wherein all requests are receivedthrough the single point of entry regardless of whether a requestor isinternal or external to a given healthcare system facility; and a singlepoint of exit that is configured to selectively provide a report inresponse to the request regardless of whether the requestor is internalor external to the given healthcare system facility, wherein the reportincludes the requested healthcare information relating to the patient,any comments of the patient received at the gatekeeper system regardingthe requested healthcare information, and an audit trail; and at leastone data source in communication with the computer system, wherein theat least one data sources comprises at least a portion of the requestedhealthcare information.
 12. A system as recited in claim 11, wherein thecomputer system includes an interface engine.
 13. A system as recited inclaim 11, wherein the request is an electronic request.
 14. A computerprogram product for implementing within a computer system a method formanaging data in compliance with regulated privacy, security, andelectronic transaction standards, the computer program productcomprising: a computer readable medium for providing computer programcode means utilized to implement the method, wherein the computerprogram code means is comprised of executable code for implementing thesteps for: receiving from a requestor a request for healthcareinformation relating to a patient, wherein any request is receivedthrough a single point of entry regardless of whether the request isfrom a requestor internal or external to a given healthcare facility;retrieving the requested healthcare information; assembling a report,wherein the report includes: the requested healthcare information; anycomments of the patient received at a gatekeeper system regarding therequested healthcare information; and an audit trail; and transmitting acopy of the report to the requestor through a single point of exitregardless of whether the request was from a requestor internal orexternal to the given healthcare facility.
 15. A computer programproduct as recited in claim 14, wherein the computer program code meansfurther comprises executable code for implementing the steps for:determining whether authorization from the patient exists for respondingto the request; and if the authorization from the patient does notexist, obtaining electronic authorization from the patient to providethe requested information.
 16. A computer program product as recited inclaim 14, wherein the computer program code means further comprisesexecutable code for implementing the steps for: determining whether toprovide de-identified healthcare information in response to the request;and if de-identified healthcare information is to be provided,de-identifying the requested healthcare information.
 17. A computerprogram product as recited in claim 14, wherein the computer programcode means further comprises executable code for implementing the stepfor selectively encrypting the report.
 18. A computer program product asrecited in claim 14, wherein the computer program code means furthercomprises executable code for implementing the step for selectivelyarchiving the report.
 19. A computer program product as recited in claim14, wherein the computer program code means further comprises executablecode for automatically implementing the step for archiving the reportfor a period of time set by a regulation.